As I transitioned from Docker Swarm to Kubernetes, I wanted a robust and automated way to manage deployments, configuration changes, and dependency updates without manually applying manifests or constantly babysitting my clusters. That’s when I fully embraced GitOps — a paradigm where Git is the single source of truth, and changes are automatically applied to Kubernetes using continuous delivery tools.
In this post, I’ll walk you through my GitOps setup using Flux CD and Mend Renovate, and how these tools work together to provide a seamless CI/CD experience with automated dependency updates and declarative infrastructure.
Why GitOps?
Traditional CI/CD systems push changes to Kubernetes clusters, but that means they need access to your cluster. GitOps flips this model: instead of pushing, the cluster pulls changes from Git. This provides:
- Better security (your CI doesn’t need cluster access),
- Full audit trail (everything is version-controlled),
- Rollback superpowers (just revert a Git commit),
- Drift detection (Flux syncs your cluster to match Git).
Tools in My Workflow
🌀 Flux CD
Flux is a GitOps operator for Kubernetes. It monitors Git repositories and applies changes automatically to the cluster. It supports Kustomize, Helm, and plain manifests, and is deeply integrated with Git workflows.
♻️ Mend Renovate
Renovate is a bot that scans your Git repositories for dependencies (Docker images, Helm charts, etc.) and automatically opens pull requests when updates are available — with changelogs, semver info, and more.
With Renovate and Flux combined:
- Renovate keeps everything fresh
- Flux applies changes automatically
- You just review and merge PRs
The GitOps Flow (Overview)
- Push code or manifest changes to GitHub
- Flux detects the change and syncs it to Kubernetes
- Renovate checks for new versions of images/charts
- Renovate opens PRs in Git
- You approve the PR → Flux applies it to the cluster
Setting Up Flux CD
Flux can be bootstrapped with your GitHub repo in just one command:
```bash
flux bootstrap github \
  --owner=LeWunderbar \
  --repository=homelab-gitops \
  --branch=main \
  --path=clusters/prod \
  --personal
```
This installs Flux in the cluster and sets up sync from your GitHub repo.
Then you define resources in YAML using GitRepository, Kustomization, or HelmRelease resources. For example:
```yaml
# clusters/prod/apps/uptime-kuma/kustomization.yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: uptime-kuma
spec:
  interval: 5m
  path: ./apps/uptime-kuma
  prune: true
  sourceRef:
    kind: GitRepository
    name: homelab-repo
  targetNamespace: monitoring
```
Automating Dependency Updates with Renovate
Mend Renovate runs as a GitHub App or Docker container and scans for:
- Docker images
- Helm chart versions
- Git submodules
- npm, pip, etc.
Example: Renovate updating my Nginx Deployment
Renovate scans your YAML:
```yaml
spec:
  containers:
    - name: nginx
      image: nginx:1.26.3
```
And creates a PR like:

Once I merge it, Flux detects the change and syncs it into the cluster — no manual action needed!
Configuring Renovate
You configure Renovate in a renovate.json file at the root of the repository:
```json
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:recommended"],
  "regexManagers": [
    {
      "fileMatch": ["\\.yaml$", "\\.yml$"],
      "matchStrings": [
        "image:\\s?(?<depName>[\\w\\-/\\.]+)(:(?<currentValue>[\\w\\.\\-]+))?"
      ],
      "datasourceTemplate": "docker"
    }
  ]
}
```
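To see what the matchStrings pattern above captures before trusting its PRs, this added example (not part of the original post or of Renovate) runs the same pattern with JavaScript's RegExp over constructed manifest lines. Renovate's own regex engine and processing may differ in detail; the registry names and the inspectLine and auditLines helpers are assumptions made for illustration.

```javascript
// Added example, not from the original post.
// Pattern copied from the matchStrings entry in renovate.json.
const MATCH_STRING =
  "image:\\s?(?<depName>[\\w\\-/\\.]+)(:(?<currentValue>[\\w\\.\\-]+))?";

// Constructed manifest lines; registry and repository names are made up.
const SAMPLE_LINES = [
  "image: nginx:1.26.3",
  "image: ghcr.io/example/app:v2.0.1",
  "image: redis",
  "image: registry.example.internal:5000/team/api:3.4.0",
  "image: nginx:1.26.3@sha256:<digest>",
  'image: "example/quoted:1.0"',
];

// Hypothetical helper: reports what the pattern extracts from one line and
// whether anything of the image reference was left outside the match.
function inspectLine(line) {
  const m = new RegExp(MATCH_STRING).exec(line);
  if (m === null) {
    // The pattern found nothing, so this image would never get an update PR.
    return { line, depName: null, currentValue: null, verdict: "missed" };
  }
  const { depName, currentValue = null } = m.groups;
  const rest = line.slice(m.index + m[0].length).trim();
  let verdict = "ok";
  if (rest.startsWith("@")) verdict = "digest-not-captured"; // pinned digest is outside the match
  else if (rest !== "") verdict = "partial-match";           // reference was cut short
  else if (currentValue === null) verdict = "untagged";      // no version to compare against
  return { line, depName, currentValue, verdict };
}

// Hypothetical helper: runs inspectLine over every manifest line.
function auditLines(lines) {
  return lines.map(inspectLine);
}

for (const r of auditLines(SAMPLE_LINES)) {
  console.log(
    `${r.verdict.padEnd(20)} dep=${r.depName} value=${r.currentValue}  <- ${r.line}`
  );
}
```

For the port-qualified registry line the pattern captures registry.example.internal as the dependency and 5000 as its version, and the quoted image line is not matched at all.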
Benefits of This Setup
- Continuous sync: Git is always in sync with the cluster.
- Easy staging to prod: I commit to staging, test it, then PR into prod.
- Safer deployments: Every change is visible in Git.
- Automatic updates: Thanks to Renovate, everything stays current.
Final Thoughts
Using Flux CD and Mend Renovate, I’ve built a GitOps pipeline that’s reliable, automated, and easy to reason about. The combination of declarative configuration, automatic reconciliation, and smart update PRs has drastically improved my workflow.
If you’re managing a Kubernetes cluster and tired of manual updates, give this combo a try — it’s truly a game-changer for infrastructure as code.